lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 18 Aug 2023 08:26:06 -0700
From: Yonghong Song <yonghong.song@...ux.dev>
To: Geliang Tang <geliang.tang@...e.com>, Alexei Starovoitov
 <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>,
 Andrii Nakryiko <andrii@...nel.org>, Martin KaFai Lau
 <martin.lau@...ux.dev>, Song Liu <song@...nel.org>,
 Yonghong Song <yhs@...com>, John Fastabend <john.fastabend@...il.com>,
 KP Singh <kpsingh@...nel.org>, Stanislav Fomichev <sdf@...gle.com>,
 Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>,
 Florent Revest <revest@...omium.org>, Brendan Jackman
 <jackmanb@...omium.org>, Matthieu Baerts <matthieu.baerts@...sares.net>,
 Mat Martineau <martineau@...nel.org>, "David S. Miller"
 <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>,
 Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
 John Johansen <john.johansen@...onical.com>, Paul Moore
 <paul@...l-moore.com>, James Morris <jmorris@...ei.org>,
 "Serge E. Hallyn" <serge@...lyn.com>,
 Stephen Smalley <stephen.smalley.work@...il.com>,
 Eric Paris <eparis@...isplace.org>, Mykola Lysenko <mykolal@...com>,
 Shuah Khan <shuah@...nel.org>, Simon Horman <horms@...nel.org>
Cc: bpf@...r.kernel.org, netdev@...r.kernel.org, mptcp@...ts.linux.dev,
 linux-security-module@...r.kernel.org, selinux@...r.kernel.org,
 linux-kselftest@...r.kernel.org
Subject: Re: [PATCH bpf-next v14 1/4] bpf: Add update_socket_protocol hook



On 8/18/23 1:24 AM, Geliang Tang wrote:
> On Wed, Aug 16, 2023 at 09:11:56AM +0800, Geliang Tang wrote:
>> Add a hook named update_socket_protocol in __sys_socket(), for bpf
>> progs to attach to and update socket protocol. One user case is to
>> force legacy TCP apps to create and use MPTCP sockets instead of
>> TCP ones.
>>
>> Define a fmod_ret set named bpf_mptcp_fmodret_ids, add the hook
>> update_socket_protocol into this set, and register it in
>> bpf_mptcp_kfunc_init().
>>
>> Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/79
>> Acked-by: Matthieu Baerts <matthieu.baerts@...sares.net>
>> Acked-by: Yonghong Song <yonghong.song@...ux.dev>
>> Signed-off-by: Geliang Tang <geliang.tang@...e.com>
>> ---
>>   net/mptcp/bpf.c | 15 +++++++++++++++
>>   net/socket.c    | 26 +++++++++++++++++++++++++-
>>   2 files changed, 40 insertions(+), 1 deletion(-)
>>
>> diff --git a/net/mptcp/bpf.c b/net/mptcp/bpf.c
>> index 5a0a84ad94af..8a16672b94e2 100644
>> --- a/net/mptcp/bpf.c
>> +++ b/net/mptcp/bpf.c
>> @@ -19,3 +19,18 @@ struct mptcp_sock *bpf_mptcp_sock_from_subflow(struct sock *sk)
>>   
>>   	return NULL;
>>   }
>> +
>> +BTF_SET8_START(bpf_mptcp_fmodret_ids)
>> +BTF_ID_FLAGS(func, update_socket_protocol)
>> +BTF_SET8_END(bpf_mptcp_fmodret_ids)
>> +
>> +static const struct btf_kfunc_id_set bpf_mptcp_fmodret_set = {
>> +	.owner = THIS_MODULE,
>> +	.set   = &bpf_mptcp_fmodret_ids,
>> +};
>> +
>> +static int __init bpf_mptcp_kfunc_init(void)
>> +{
>> +	return register_btf_fmodret_id_set(&bpf_mptcp_fmodret_set);
>> +}
>> +late_initcall(bpf_mptcp_kfunc_init);
>> diff --git a/net/socket.c b/net/socket.c
>> index 5d4e37595e9a..fdb5233bf560 100644
>> --- a/net/socket.c
>> +++ b/net/socket.c
>> @@ -1657,12 +1657,36 @@ struct file *__sys_socket_file(int family, int type, int protocol)
>>   	return sock_alloc_file(sock, flags, NULL);
>>   }
>>   
>> +/*	A hook for bpf progs to attach to and update socket protocol.
>> + *
>> + *	A static noinline declaration here could cause the compiler to
>> + *	optimize away the function. A global noinline declaration will
>> + *	keep the definition, but may optimize away the callsite.
>> + *	Therefore, __weak is needed to ensure that the call is still
>> + *	emitted, by telling the compiler that we don't know what the
>> + *	function might eventually be.
>> + *
>> + *	__diag_* below are needed to dismiss the missing prototype warning.
>> + */
>> +
>> +__diag_push();
>> +__diag_ignore_all("-Wmissing-prototypes",
>> +		  "A fmod_ret entry point for BPF programs");
> 
> Hi Martin & Yonghong,
> 
> I got a sparse warning for this new added 'update_socket_protocol':
> 
>   > touch net/socket.c && make C=1 net/socket.o
> 
>   net/socket.c:1676:21: warning: symbol 'update_socket_protocol' was not declared. Should it be static?

This is a sparse warning. Let us ignore it for now. We already have
__diag_ignore for missing prototypes in the above, but sparse won't 
recognize them. Also, 'static' is conflict with '__weak' attribute,
and we cannot remove '__weak' attribute.

> 
> What should I do to fix it, or should I just leave it here? Please give
> me some suggestions.
> 
> Thanks,
> -Geliang
> 
>> +
>> +__weak noinline int update_socket_protocol(int family, int type, int protocol)
>> +{
>> +	return protocol;
>> +}
>> +
>> +__diag_pop();
>> +
>>   int __sys_socket(int family, int type, int protocol)
>>   {
>>   	struct socket *sock;
>>   	int flags;
>>   
>> -	sock = __sys_socket_create(family, type, protocol);
>> +	sock = __sys_socket_create(family, type,
>> +				   update_socket_protocol(family, type, protocol));
>>   	if (IS_ERR(sock))
>>   		return PTR_ERR(sock);
>>   
>> -- 
>> 2.35.3
>>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ